Comment by bangaladore 18 hours ago

> I have been loading and using the WinIO driver on Windows all the way up to the latest version to read and write any memory I want. I also have a few drivers that are lesser known that are not even flagged by most anti-cheats.

I can assure you that you will get banned from a game with a modern anti-cheat using that or you won't even be able to launch the game. Also 'flagged by most anti-cheats' means very little. Most good anti-cheats will delay bans or correlate multiple factors prior to a ban.

> You are going to have to decrypt the memory eventually. Even TEE.fail can get around AMD SEV and Intel's TEE.

You don't have to decrypt it on the RAM wire bus. And the reason TEE.fail is successful is that they screwed up the crypto, as far as I can tell.

> Once you can intercept network traffic and decrypt, it's game over!

Not sure why you are so hung up on this. You still need to access the memory first. That's what they will detect and prevent. They obviously can't prevent or detect network sniffing if the key is known.

> You do not need an ASIC to interpose DDR5 and steal all the traffic, there are FPGAs that are powerful enough. Once PCIE DMA cards go the way of the dino with IOMMU, people will just switch to memory interposers with FPGAs.

I've made FPGA designs previously, including custom PCIE DMA cards back in ~2018. It would surprise me if you could find an FPGA capable of reliably sniffing DDR5 6000+ MT/s without crashing the host system. FPGAs are not nearly as fast as CPUs. Maybe you could somehow hack an FPGA DDR memory interface. But finding one fast enough for DDR5 is probably impossible (or terribly expensive). Maybe https://www.amd.com/en/products/adaptive-socs-and-fpgas/vers... is theoretically possible. But you are looking at a $10k+ chip, if not $20k+. Such a chip is not going to be easily embeddable and likely requires 10s if not 100s of amps of power delivery.

vablings 17 hours ago

> I can assure you that you will get banned from a game with a modern anti-cheat using that or you won't even be able to launch the game. Also 'flagged by most anti-cheats' means very little. Most good anti-cheats will delay bans or correlate multiple factors prior to a ban.

Most of what I said is a large oversimplification on the matter. Anti-cheats absolutely do make use of heuristic patterns to flag drivers that are correlated with known cheaters. Drivers are pretty well flagged nowadays by anti-cheats, but Windows does virtually next to nothing to prevent people from abusing these RWEverything drivers.

> Not sure why you are so hung up on this. You still need to access the memory first. That's what they will detect and prevent. They obviously can't prevent or detect network sniffing if the key is known.

The point is that you don't need a very complicated or long-lived exploit to yoink those keys if you know where to look.

The overarching idea here is that as long as you have physical access to hardware, it is going to be very difficult to prevent these kinds of attacks without serious vertical integration, and from whom? Microsoft really don't seem to care much, CPU/motherboard/RAM vendors are benefiting from an open market with shared standards, and anti-cheat/games do not have enough purchasing power to push over consumers.

I can't comment much on FPGAs because I don't know a huge amount about them, so I'll take your point. There are also countless side-channel attacks and ways to leak data from your memory in completely unintended ways, e.g. cache timing or faulty speculative execution.

sudosysgen 10 hours ago

Why do you need to handle DDR5? You can use DDR3 to play the vast majority of competitive video games. It's not hard to find an FPGA that can handle DDR3 or DDR4.

You also don't need to sniff the entirety of the traffic. You just need to introduce aliasing. That is much harder to do for DDR5, but you don't need it to be reliable or stable for a long time, because you won't be sniffing for very long. And you don't need to do 6000+ MT/s either.